As every experienced CSO understands all too well, security is a continuous exercise in evaluating and balancing a nexus of trade-offs between risk, cost, and user experience. This calculation becomes especially tricky when it comes to weighing the trade-offs between how to properly authenticate a user and do so without degrading their experience.
If you demand too much personal information from a new customer during the initial onboarding process to verify their identity (i.e., such as requiring a potential new user to send a photo of their driver’s license), you risk creating an onerous sign-up . . .